Alerts
The alerts are divided into two parts. The classic alerts presented on this page and the advanced alerts.
Dernière mise à jour
The alerts are divided into two parts. The classic alerts presented on this page and the advanced alerts.
Dernière mise à jour
The Alerts section allows you to set up alerts for a device.
Alerts are sent by email to the email address of the logged in user.
Every hour, the cyber weather level of the day is evaluated. If it has increased compared to the last assessment, an alert is sent.
The report is an alert that is sent out every day with the previous day's cyber weather.
The alert is triggered every day at the first hour (local time of the device).
The toxic flow alert is triggered when flows with one or more toxic IP addresses have been reported by the device. This is done every hour.
The Suspicious Flow Alert is triggered when flows to one or more IP addresses in the Suspicious Remote IP Addresses list are reported by the device.
If no IP address is configured in the list, then no alert will be sent.
The critical flow alert is triggered when flows with one or more toxic IP addresses with a critical threat are brought up by the device.
This alert has been deleted. You can use advanced alerts by selecting the type(s) of threat for which an alert should be triggered.
If a single endpoint on the network generates more than 40% of the network flows within an hour, then a bandwidth alert will be sent.
Using this alert for a supervised network with very few endpoints is not recommended.
If only one endpoint is present, then it will use 100% of the bandwidth and the alert will be triggered.
If the device does not report any logs for more than one hour, then its status changes to disconnected and the alert is triggered.
In addition, when the device reconnects to services, a reconnection alert will be sent.
A disconnection / reconnection alert will always be sent to the technical reseller contacts configured in the Reseller form of the device fleet.
This alert cannot be disabled.
